Account Takeover Methodology
Application Level DoS
Authentication Bypass
Broken-Link Hijacking
Broken Auth And Session Management
Finding CVEs
Web Page Source Code Review
EXIF Geo Data Not Stripped
File Upload Bypass
Find Origin IP
GraphQL
HTTP Desync Attack
Host-Header Attack
HTML-Injection
IDOR
JWT ATTACK
OAuth
SSTI
Sign Up Functionality
Tabnabbing
Weak Password Policy
Github-Dorks
GitHub Dork List :
GitHub Dorks for Finding Files
  • filename:manifest.xml
  • filename:travis.yml
  • filename:vim_settings.xml
  • filename:database
  • filename:prod.exs NOT prod.secret.exs
  • filename:prod.secret.exs
  • filename:.npmrc _auth
  • filename:.dockercfg auth
  • filename:WebServers.xml
  • filename:.bash_history
  • filename:sftp-config.json
  • filename:sftp.json path:.vscode
  • filename:secrets.yml password
  • filename:.esmtprc password
  • filename:passwd path:etc
  • filename:dbeaver-data-sources.xml
  • path:sites databases password
  • filename:config.php dbpasswd
  • filename:prod.secret.exs
  • filename:configuration.php JConfig password
  • filename:.sh_history
  • shodan_api_key language:python
  • filename:shadow path:etc
  • JEKYLL_GITHUB_TOKEN
  • filename:proftpdpasswd
  • filename:.pgpass
  • filename:idea14.key
  • filename:hub oauth_token
  • HEROKU_API_KEY language:json
  • HEROKU_API_KEY language:shell
  • SF_USERNAME salesforce
  • filename:.bash_profile aws
  • extension:json api.forecast.io​
  • filename:.env MAIL_HOST=smtp.gmail.com​
  • filename:wp-config.php
  • extension:sql mysql dump
  • filename:credentials aws_access_key_id
  • filename:id_rsa or filename:id_dsa
GitHub Dorks for Finding Languages
  • language:python username
  • language:php username
  • language:sql username
  • language:html password
  • language:perl password
  • language:shell username
  • language:java api
  • HOMEBREW_GITHUB_API_TOKEN language:shell
GiHub Dorks for Finding API Keys, Tokens and Passwords
  • api_key
  • β€œapi keys”
  • authorization_bearer:
  • oauth
  • auth
  • authentication
  • client_secret
  • api_token:
  • β€œapi token”
  • client_id
  • password
  • user_password
  • user_pass
  • passcode
  • client_secret
  • secret
  • password hash
  • OTP
  • user auth
GitHub Dorks for Finding Usernames
  • user:name (user:admin)
  • org:name (org:google type:users)
  • in:login ( in:login)
  • in:name ( in:name)
  • fullname:firstname lastname (fullname: )
  • in:email (data in:email)
  • GitHub Dorks for Finding Information using Dates
  • created:<2012–04–05
  • created:>=2011–06–12
  • created:2016–02–07 location:iceland
  • created:2011–04–06..2013–01–14 in:username
GitHub Dorks for Finding Information using Extension
Copy link